VYPR

Kivicare Clinic Management System

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-66095HigNov 21, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13.

  • CVE-2026-42735HigMay 27, 2026
    risk 0.53cvss 8.2epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through <= 4.3.0.

  • CVE-2026-0927MedJan 23, 2026
    risk 0.27cvss 5.3epss 0.00

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for…